Merchant information may have been stolen from Global Payments

Hackers might have stolen the personal information of individuals who applied for a merchant account with card payment processor Global Payments.

"We have recently learned of potential unauthorized access to servers containing personal information from a subset of merchant applicants," Paul Garcia, Global Payments' chairman and CEO, said during a conference call with shareholders on Tuesday.

It's not clear whether the attackers actually accessed or copied the merchant data stored on the server, Garcia said. "However, we are notifying certain individuals in the U.S. whose personal information may have been subject to access."

Affected individuals will be offered free credit monitoring services and identity protection insurance of US$1 million. The three U.S. major credit reporting agencies have also been advised about the incident, Garcia said.

Garcia declined to share an exact number of individuals potentially affected by the unauthorized access to servers that contained merchant data, citing an ongoing process of analyzing that information.

Back in April, Global Payments announced that hackers managed to break into its payment processing system and stole Track 2 data corresponding to almost 1.5 million credit and debit cards. Track 2 data includes account numbers and card expiration dates, but not cardholder names or Social Security numbers.

The data breach is still being investigated by security experts and law enforcement authorities. The unauthorized access to servers containing merchant data was uncovered as a part of that investigation.

Following the incident, some of the credit card brands removed Global Payments from their lists of service providers compliant with the payment card industry data security standard (PCI-DSS). The company has hired an independent security assessor to review its security procedures and plans to reapply for certification once that audit is complete.

The company did not specify what kind of personal details were potentially exposed by the newly discovered breach. However, the latest notifications are unrelated to cardholder data, Amy W. Corn, Global Payments' senior vice president of marketing and corporate communications, said via email.